Latest Cisco CCIE Wireless 400-351 exam dumps, 400-351 PDF | 100% Free

Posted On Feb 27 2019 by

The latest Cisco CCIE Wireless 400-351 exam dumps and exercises test questions and answers,These free exercises will help you improve 400-351 CCIE Wireless test skills, We share 400-351 pdf for free to download and learn, and you can also watch 400-351 YouTube videos online! We share 40 real effective exam questions and answers for free if you want to get the full 400-351 exam dumps: (Total questions:277 Q&A)->> updated throughout the year! Make sure you pass the exam easily!

[PDF] Free Cisco 400-351 pdf dumps download from Google Drive:

[PDF] Free Full Cisco pdf dumps download from Google Drive:

400-351 CCIE Wireless – Cisco:

Latest effective Cisco 400-351 Exam Practice Tests

Which two cisco ISE option simplify the use of EAP-TLS authentication in a BYOD environment using PKI? (choose
A. Simple Certificate Enrollment Protocol
B. Lightweight Directory Access Protocol
C. Online Certificate Stats Protocol
D. Native Supplicant Provisioning
E. Certificate Signing Request.
Correct Answer: AE

Refer to the exhibitlead4pass 400-351 exam question - q2Your customer is testing native supplicant provisioning using the ISE (at and a Cisco WLC. The Cisco
WLC has an ACC Configured on it called onboarding during the testing of many different client devices (android apple
windows) it appears that these devices are never redirected to the on boarding portal through they a access the internet
which statement explain this behavior.
A. The ACL has a permit any at the end of the list redirection does not take place unless the client hits a website that
gets denied
B. The source and destination port in the ACL are not set up correctly
C. The ACL has a permit any at the end of the list redirection does not take place unless the client hits a websites that
guest permitted
D. there is nothing wrong the acl the problem must exist either on the client side or on the configured ISE authorization
Correct Answer: Clead4pass 400-351 exam question - q2-1 central-web-auth-00.html

Which two platforms provide hypervisor virtualization? (Choose two.)
A. DevStack
B. Docker
D. OpenStack
E. Xen
Correct Answer: CE

Which two features require Network Time Protocol synchronization on the Cisco 5760 WLC?(Choose two)
A. AP CAPWAP multicast
C. AP authentication
D. Band Select
Correct Answer: BC

which topology is a valid and functional convergence access topology?
5760-AIR-CT5760-25-kg 3850-WS-C3850-48P-s 5508-AIR-CT55098+25-kg 2960-WS-C2960+24TC-S 3650-WS-
C3650-24TS-L 3702-AIR-cap3702i-A-K9

lead4pass 400-351 exam question - q5 lead4pass 400-351 exam question - q5-1

Correct Answer: A

Why would you enable the RFC 3578 option when adding a new RADIUS authentication server to a WLC?
A. you want to run both RADIUS and TACACS
B. to support Disconnect and Change of Authorization
C. to encrypt communications between the WLC and the RADIUS server
D. to support RADIUS key wrapping
Correct Answer: B
If you are configuring a new RADIUS authentication server, choose Enabled from the Support for RFC 3576 drop-down
list to enable RFC 3576, which is an extension to the RADIUS protocol that allows dynamic changes to a user session,
or choose Disabled to disable this feature. The default value is Enabled. RFC 3576 includes support for disconnecting
users and changing authorizations applicable to a user session and supports disconnect and change-of-authorization
(CoA) messages. Disconnect messages cause a user session to be terminated immediately where CoA messages
modify session authorization attributes such as data filters.

Which feature insersection of a Cisco 5760 Wireless LAN Controller with HA AP SSO is not true?
A. Upon guest anchor controller switchover, mobility tunnels stay active, APs remain connected, clients rejoin at MA or
MC, and clients are anchored on the new active controller.
B. Roamed clients that have their data path going through the mobility tunnel endpoint ” become Local” in case of Layer
2 with sticky anchoring an Layer3 roam. Layer 2 roamed clients are not affected except when roaming occurs between
Cisco Unified Wireless Network and CA controllers.
C. wIPS information is synced to the standby unit. The standby unit does not have to relarn wIPS information upon
D. Switchover during AP preimage download caused the APs to start image download all over again from the new
active controller.
Correct Answer: B

You have configured VideoStream on a Cisco WLC and users are now viewing the company video broadcast over the
wireless network. How can you verify you have VideoStream configured and working in the Cisco WLC GUI?
A. The Multicast Status shows “Normal Multicast” in the Multicast Group Details.
B. The Multicast Status shows “MediaStream Ongoing” in the Client detail page.
C. The Multicast Status shows “Multicast-direct Allowed” in the Multicast Group Details.
D. The Multicast Status shows “MediaStream Allowed” in the Multicast Group Details.
Correct Answer: C

Which major block is not included in the ETSI Network Function Virtualization reference framework?
A. Network Function Visualization Infrastructure.
B. Network Function Virtualization Management and Orchestration.
C. Network Function Virtualization Policy Manager.
D. Virtualized Network Function/ Element Management Systems.
Correct Answer: C

There are 5 switches in the network use VTPv3, SW1 and SW2 configured as Server mode. SW1 is the primary server
with revision 50. When add a new SW6 with Revision 200, what will happen?
A. Switch3 updates its own database with the VLAN information received from SW2
B. VTPv3 configure own database with the VLAN information received from SW1
C. Switch6 updates its own database with the VLAN information received from SW1
D. No switch will work
Correct Answer: C

A Cisco Unified 7925G Wireless IP Phone is operating on the 5 GHz band and transmitting at a power level of 40 mW.
Which configuration must be done on the controller to avoid one-way audio?
A. In DCA, enable UNH-1 channels only.
B. Set the maximum power level assignment to 26 dBm.
C. In DCA, enable UNII-II channels only.
D. Set the maximum power level assignment to 16 dBm.
Correct Answer: D wireless-ip-phone-7925g/200032-How-to-

Refer to the exhibit,lead4pass 400-351 exam question - q12based upon the given configuration which two statement are true? (choose two)
A. local RADIUS server is used
B. No password is required everyone can join wireless network
C. Users will be required to provide a username and password for authentication
D. User will be required to provide a password only order to get access
E. Remote RADIUS servers is used
Correct Answer: AC

Which two configuration are required on the Cisco 5760 WLC to ensure that APs will successfully join the Cisco WLC?
(Choose two)
A. Enable IP DHCP SNOOPING TRUST on the wireless controller port-channel interface
B. Activate the apocopate Right-to-use AP license on the wireless LAN controller
C. Ensure that port-fast is enabled on each access point switch port
D. Ensure accurate configuration of the correct time and date on the wireless LAN controller
Correct Answer: BD

Which statement best describes MAC authentication?
A. The MAC address is used in place of the username in the EAP certificate exchange.
B. If WEP is used as a key cipher, the MAC address may be used in the key hash.
C. The MAC address can be spoofed, so it is insecure.
D. Users will not be able to connect unless some form of encryption is also used.
Correct Answer: C

Which two options are valid mobility roles in which a controller can operate in during a client mobility session? (Choose
A. local
B. auto anchor
C. export anchor
D. mobility announcer
Correct Answer: AC

Which two IETF RADIUS attributes sent by the Cisco WLC can be used to differentiate authentication requests based
on the user location?(Choose two.)
A. RADIUS attribute [31] Calling-Station-ld
B. RADIUS attribute [4] NAS-IP-Address
C. RADIUS attribute [95] NAS-IPv6-Address
D. RADIUS attribute [32] NAS-ldentifier
E. RADIUS attribute [303] Source-IP
F. RADIUS attribute [30] Called-Station-ld
Correct Answer: DFlead4pass 400-351 exam question - q16

QUESTION 17lead4pass 400-351 exam question - q17Refer to the exhibit. You have been asked to troubleshoot why VTP is not distributing new VLANs to a VTP client
switch. Which option is the most likely root cause of this VTP problem.
A. The VTP password is not set to level 15 on the client switch.
B. The VTP password encryption level is not set on the client switch.
C. The VTP encryption level does not match on the client switch.
D. The VTP password is incorrect on the client switch.
E. The client switch is set to transparent mode. Which ignores VLAN configuration updates from VTP servers.
Correct Answer: D
Each sw, and issue the command:
No vtp password lead4pass 400-351 exam question - q17-1

You are deploying a high-density wireless setup in a conference center using Cisco Aironet 3700iAPs as you have no
Cisco air not 3700e APs available. The power levels for all the APs should be set between 4 and 5 which configuration
option is needed to achieve this goal.?
A. Select the TPC values between 4 dBm and q dBm
B. Manually configure the power levels of the 802.11b and 80211a radios of all APs either 4 or 5
C. Select the tcp values between 4 dBm and dBm
D. Select the TPC values between 11 dNm and 8 dBm
Correct Answer: B

Refer to the exhibit.lead4pass 400-351 exam question - q19A wireless user has roamed from an AP connected to MA 1to AP connected to MA 3the traffic flow for the user between
roam is shown . Which option shows the traffic flow for the user after roam, considering default sticky anchoring is
enabled on the WLAN?
A. MA-3>Distribution switch>core>mc>distribution switch >MA-1
B. MA-3>Distribution switch>MA-1distribution switch >core
C. MA-3> Distribution switch>MA-2>Distribution switch >core
D. MA-3> Distribution switch >ma -2> MA-l>Distribution switch>core
Correct Answer: A

After going through the DCF process, what further process does the client go through to reserve a medium?
A. No process, it can begin transmitting immediately
B. Send a REQ, receive an ACK, send frames
C. Send an RTS and SIFS, receive a CTS and SIFS, then send frames
D. Send a CTS and SIFS, receive an RTS and SIFS, then send frames
Correct Answer: C

QUESTION 21lead4pass 400-351 exam question - q21Refer to the exhibit. What is the best way to resolve this issue?
A. Install a server certificate signed by a well-know public CA on the WLC.
B. Disable certificate checks on the client.
C. Install a server certificate signed by a well-known public CA on the Radius Server.
D. Use the certificate authority on the Cisco Identity Services Engine.
Correct Answer: C
Event: 5400 Authentication failed
Failure Reason: 12321 PEAP failed SSL/TLS handshake because the client rejected the ISE Local certificate
Cisco ISE authentication failed because client reject certificate | AAA, Identity and NAC | Cisco
Support Community because-client-reject-certificate
The error you are seeing in ISE is pointing to your client, if you have the eap settings set to “validate server certificate”
then you must manually set it to trust the rootCA that signed the ISE certificate, or you can disable this option for
You can try to remove this wireless network profile, and recreate it and see if the pop up appears which asks you to
validate the server\\’s identity.
Possible Causes
for this issue
The supplicant or client machine is not accepting the certificate from Cisco ISE.
The client machine is configured to validate the server certificate, but is not configured to trust the
Cisco ISE certificate.
Note [This is an indication that the client does not have or does not trust the Cisco ISE certificates.
Possible Causes The supplicant or client machine is not accepting the certificate from Cisco ISE.
The client machine is configured to validate the server certificate, but is not configured to trust the Cisco ISE certificate.
Resolution The client machine must accept the Cisco ISE certificate to enable authentication.

Which two statements about deploying a mesh network by MAPs/RAP?
A. A MAP/RAP must be authorized by either PSK or EAP before joining a controller in bridge mode.
B. The backhaul client access feature cannot be enabled on a RAP that is, a RAP does not allow clients on its 802.11a
C. The three main type of mesh type under the neighbor information are neighbor,parent, and child. For types default
neighbor, default parent, and default child, default is used when the neighbor BGN is not known or different from the
current AP BGN if the strict matching BGN feature is disabled.
D. Radius and Local authentications are supported with both PSK and EAP.
E. VLAN tags are always forward across Mesh links.
Correct Answer: CD

If a guest anchor controller is used outside the firewall. Which firewall ports must you open for guest access including
SNMP and mobility failover features to work in a Cisco Unified Wireless Network?
A. UDP 16666. IP protocol 90. UDP 162 163
B. UDP 16667. IP protocol 97. UDP 500 501
C. UDP 16666. IP protocol 97. UDP 161 162
D. UDP 12223. IP protocol 97. UDP 161 162
E. UDP 12222. IP protocol 90. UDP 161 162
Correct Answer: C guide/b_cg80/b_cg80_chapter_010011.htmllead4pass 400-351 exam question - q23

Which multicast mode is recommended when configuring Media Stream on a Cisco WLC?
A. multicast-uncast
B. multicast-routing
C. multicast-multicast
D. multicast-direct
Correct Answer: C

Your work as a network engineer at Your company. You study the exhibit carefully.
Exhibit:lead4pass 400-351 exam question - q25You work as a network administrator for company. Study the exhibit carefully. Intermittent outages are
occurring in a WLAN environment on a large corporate Campus. No rouge APs have been detected and Cisco
Spectrum Expert is now being utilized to help discover the source of interface. Judging from this Cisco Spectrum Expert
screen. Which interference type will you suspect?
A. Microwave oven
B. DECT Phone
C. Bluetooth
D. Wireless Video Camera
Correct Answer: C

Which two option describe implication of deploying autonomous APs in repeater mode? (Choose two)
A. The Ethernet port is disabled in repeater mode
B. You can configure multiple VLANs on repeater access point
C. You should disable Cisco Aironet extensions on the parent(root) AP and on the repeater APs D. The infrastructure
SSID should be assigned to the native VLAN
Correct Answer: AD

Which two statement about AP local authentication by FlexConnect AP in standalone mode are true?(choose two)
A. Only LEAP,EAP F AST,PEAP and EAP-TLS authentication are supported
B. Only the vendor certificate authority (CA) certificate has to be downloaded to the Cisco wireless LAN controller for
EAP-TLS authentication
C. Cisco wireless LAN controller must generate a certificate signing request by itself for submitting to a certificate
authority for signing.
D. A flexconnect group must be created so that the cisco wireless LAN Controller can push the certificate to the
flexconnect AP in the Flexconnect group.
Correct Answer: AD

Which two advanced WLAN options are required when deploying central web authentication with Cisco ISE? (Choose
A. P2P Blocking Action set to Drop.
D. DHCP Addr. Assignment disabled.
E. Allow AAA override enabled.
Correct Answer: BE
Fromlead4pass 400-351 exam question - q28 central-web-auth-00.html

Harry is a network engineer for a company, he is now upgrading a large autonomous WLAN deployment to LWAPP
operation. He has successfully imported a X.509 self-signed certificate into the WLC. But, when he tries to add
additional self-signed certificates, the WLC GUI reports a “Failed to Add entry” error.
Which command can diagnose the root cause of this problem?
A. Show wps summary
B. Show database summary
C. Show exlusionlist
D. Show sysinfo
Correct Answer: B

Which memchanism incorporates the channel capacity into the CAC determination and gives a much more accurate
assessment of the current call carrying capacity of the AP?
A. Static CAC.
B. Reserved roaming bandwidth(%).
C. Expedited bandwidth.
D. Metrics collection.
E. Load-based AC.
F. Max RF bandwidth (%).
G. Admission control.
Correct Answer: E
AP Call Capacity
A key part of the planning process for a VoWLAN deployment is to plan the number of simultaneous voice streams per
AP. When planning the voice stream capacity of the AP, consider the following points:

lead4pass 400-351 exam question - q30-icon

Note: A call between two phones associated to the same AP counts as two active voice streams. The actual number of
voice streams a channel can support is highly dependent on a number of issues, including environmental factors and
client compliance to WMM and the Cisco Compatible Extension specifications. Figure 9-11 shows the Cisco Compatible
Extension specifications that are most beneficial to call quality and channel capacity. Simulations indicate that a 5 GHz
channel can support 14-18 calls. This means a coverage cell can include 20 APs, each operating on different channels,
with each channel supporting 14 voice streams. The coverage cell can support 280 calls. The number of voice streams
supported on a channel with 802.11b clients is 7; therefore, the coverage cell with three APs on the three non-
overlapping channels supports 21 voice streams. Figure 9-11 Cisco Compatible Extension VoWLAN Featureslead4pass 400-351 exam question - q30

Call Admission Control (CAC) also benefits call quality and can create bandwidth reservation for E911 and roaming
calls. The 802.11e, WMM, and Cisco Compatible Extension specifications help balance and prevent the overloading of
a cell with voice streams. CAC determines whether there is enough channel capacity to start a call; if not, the phone
may scan for another channel. The primary benefit of U-ASPD is the preservation of WLAN client power by allowing the
transmission of frames from the WLAN client to trigger the forwarding of client data frames that are being buffered at the
AP for power saving purposes. The Neighbor List option provides the phone with a list that includes channel numbers
and channel capacity of neighboring APs. This is done to improve call quality, provide faster roams, and improve battery
life. wrapper/preface41.html
Understanding Static CAC As mentioned previously, there are two types of Admissions Control. Static CAC is based on
a percentage of the total Medium Times available and is measure in increments of 32 microseconds. In this section, we
will cover how to configure Static and Load-Based CAC and also how to debug it.
_troubleshoot/5_Troubleshooting_CAC_Rev1-2.html Load-Based CAC on the other hand is significantly more difficult to
debug. LBCAC is dynamic with regard to the algorithm used to decrement Medium Times from the total that is available.
LBCAC takes into consideration different metrics, such as load, Co-channel interference, SNR, etc. and will therefore
yield different results when tested. From our experience, it is very difficult to yield consistent results as RF fluctuates and
changes within the given environment. Results tend to vary from one cell area to another and even in cell areas that
yield the same signal strength.
o enable video CAC for this radio band, check the Admission Control (ACM) check box.
The default value is disabled.
n the Reserved Roaming Bandwidth field, enter the percentage of maximum allocated bandwidth reserved for roaming
video clients. The controller reserves this much bandwidth from the maximum allocated bandwidth for roaming video
Range: 0 to 25%
Default: 0%
in the Reserved Roaming Bandwidth field, enter the percentage of maximum allocated bandwidth reserved for roaming
voice clients. The controller reserves this much bandwidth from the maximum allocated bandwidth for roaming voice
Range: 0 to 25%
Default: 6%
To enable expedited bandwidth requests, check the Expedited Bandwidth check box.
The default value is disabled.
To enable TSM, check the Metrics Collection check box. The default value is disabled. Traffic stream metrics (TSM) can
be used to monitor and report issues with voice quality. In the Max RF Bandwidth field, enter the percentage of the
maximum bandwidth allocated to clients for voice applications on this radio band. Once the client reaches the value
specified, the access point rejects new calls on this radio band.lead4pass 400-351 exam question - q30-1 lan41dg -book/vowlan_ch8.pdf

During the Cisco 5760 WLC high availability active and standby process (elected or re- elected) which factor can
determine which Cisco 5760 WLC become active?
A. The cisco 5760 WLC the highest stack member priority value
B. the cisco 5760 WLC the highest IP address
C. the cisco 5760 WLC the lowest stack member priority value.
D. the cisco 5760 WLC the highest Mac address
Correct Answer: A

You are the network administrator of a Cisco Autonomous AP deployment. You want to stop a client with MAC address
5057.a89e.b1f7 and IP address from associating to your APs. Which configuration do you use ?
A. access-list 700 permit 5057.a89e.b1f7 0000.0000.0000 ! dot11 association mac-list 700
B. ip access-list 25 deny host ! interface Dot11Radio0 ip access-group 25 out ! interface Dot11Radio1 ip
access-group 25 out
C. ip access-list 25 deny host ! interface Dot11Radio0 ip access-group 25 in ! interface Dot11Radio1 ip access-
group 25 in
D. access-list 700 deny 5057.a89e.b1f7 0000.0000.0000 ! dot11 association on mac-list 700
Correct Answer: D

Which two impact dose TSPEC admission controlhave as it relates to 802.11e clients? (choose two)
A. Enforce airtime entitlement for wireless voice applications.
B. Ensure that call quality dose not degrade for existing VoWLAN calls.
C. Deny client access to the WLAN that do not meet the standard.
D. Allow access only for VoWLAN traffic when interference is detected.
Correct Answer: AB

Which two characteristics of an loT network are true? (Choose two.)
A. The transmission rate in an loT network is consistent.
B. loT networks must be designed for low-powered devices.
C. loT networks use IS-IS for routing.
D. loT networks are 100% reliable
E. loT networks are bandwidth constrained
Correct Answer: BE

Your customer has a Cisco Unified Wireless Network running AireOS 8.0 and wants to learn about the FlexConnect
mode that is available on his APs. Which two statements are true? (Choose two.)
A. A newly connected AP can be booted in FlexConnect mode.
B. When an AP is changed from Local mode to FlexConnect mode, a reboot is required.
C. Enhanced FlexConnect mode allows to enable wIPS on FlexConnect APs.
D. When an AP is changed from Local mode to FlexConnect mode, reboot is not required.
E. Using CCKM with FlexConnect APs requires the use of FlexConnect Groups.
F. FlexConnect was previously know as “H-TEEP”
Correct Answer: DE
4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_ chapter_01000010.html _HREA.html

Refer to the exhibit.lead4pass 400-351 exam question - q36APs on VLAN 2100 can get IP address but cannotregister to the WLC TheiP address of the WLC management interface
is which option is the correct DHCP option 43 configuration.?
A. f10412f41cd9
B. f10418f404227
C. f10818f41cd0a181cf4a01c
D. f10418f404e3E. f1040a3f0701
Correct Answer: D

Refer to the exhibitlead4pass 400-351 exam question - q37Which statements about this CPU ACL is true?
A. A user on the network can use SSH to access the WLC.
B. A User on the network cannot use HTTPS to access the WLC GUI
C. A user on the network cannot use telnet to access the WLC 172.21.159..37
D. Any user on any other subnet can access the WLC.
Correct Answer: C

Your customer is thinking of migrating the exiting IEEE 802.11b/g network to an IEEE 802.11ac network which two
statement are true ?(choose two)
A. Backward compatibility need to be considered for the existing legacy IEEE 802.11b/g mobile devices.
B. Channel option are limited on the radio band UNII 3 due to DFS
C. Ensure that the WLANs have WMM enabled and support open or WPA2/AES encryption 1n order to reach IEEE
802.11ac speeds even on IEEE. 802.11ac clients
D. Fewer APs have to be proposed because the IEEE 802.llac network provides a faster speed and larger converge
area compared with the IEEE 802.11b/g network.
Correct Answer: AC

You are the network administrator for ACME corporation. Your organization has deployed a single Cisco 5500 Series
Wireless Controller with 100 Cisco Aironet 3500 Series Aps. A new IT member is worried that most of these Aps are
working at a power Ievel3 on the 5GHz radio specially. As this power level setting is causing issues in your wireless
network. Which option describes the likely cause of this behavior?
A. The WLC has been recently rebooted, which causes the TPC algorithm to set power level 3 on all APs for 90
B. The controller TPC algorithm seems to have a problem. It might have been set to work in TPCv2 mode instead of
C. The WLC is misconfigured because the static power of level 3 has been set for all the APs under TPC settings.
D. Cisco 7925 wireless IP Phones are in use and the DTPC feature is enabled on the 5 GHz radio.
Correct Answer: D
Tx Power Num Of Supported Power Levels . …….. 5 Tx Power Level 1 …………………… 18 dBm Tx Power Level 2
…………………… 15 dBm Tx Power Level 3……………………. 12 dBm Tx Power Level 4 …………………….. 9 dBm Tx Power
Level 5 …………………….. 6 dBm

In a VWLAN deployment, what autonomous ISO command should be used to ensure that VWLAN performance is not
adversely impacted by an unexpected channel change resulting from a DFS event triggered by a nearby airport radar
A. ap(config-if)#DFs band 1block
B. ap(config-if)#DFs band 23 block
C. ap(config-if)#DFs band 123 block
D. ap(config-if)#DFs band 13 block
E. ap(config-if)#DFs band 2 block
Correct Answer: B

We offer more ways to make it easier for everyone to learn, and YouTube is the best tool in the video.Follow channels: get more useful exam content.

Latest Cisco 400-351 YouTube videos:

Share 40 Authentic Cisco CCIE 400-351 Exam questions and answers for free to help you improve your skills and master some of the knowledge you cover! If you want to pass the exam easily, please select the full 400-351 exam dumps: (Total questions:277 Q&A)->> updated throughout the year! Make sure you pass the exam easily!

[PDF] Free Cisco 400-351 pdf dumps download from Google Drive:

[PDF] Free Full Cisco pdf dumps download from Google Drive:

Lead4pass Promo Code 12% Off

lead4pass 400-351 dumps

We share more practical and effective exam dumps
(Cisco,Microsoft,Oracle,Citrix,Comptia…) The latest cisco 642-998 exam dumps help you improve your skills

Last Updated on: February 27th, 2019 at 8:25 am, by admin

Written by admin